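--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1661,6 +1661,23 @@ public static function update_user(
 if (!is_null ($ password )) {
 $ user ->setPlainPassword ($ password );
 Event::addEvent (LOG_USER_PASSWORD_UPDATE , LOG_USER_ID , $ user_id );
+$ date = api_get_local_time (
+null ,
+null ,
+null ,
+null ,
+null ,
+null ,
+'Y-m-d '
+);
+$ extraFieldValue = new ExtraFieldValue ('user ' );
+$ extraFieldValue ->save (
+[
+'item_id ' => $ user ->getId (),
+'variable ' => 'password_updated_at ' ,
+'value ' => $ date
+]
+);
 }
 
 $ userManager ->updateUser ($ user , true );
@@ -7683,29 +7700,75 @@ public static function deleteUserFiles($userId)
 
 public static function redirectToResetPassword ($ userId )
 {
-if (!api_get_configuration_value ('force_renew_password_at_first_login ' )) {
-return ;
+$ forceRenew = api_get_configuration_value ('force_renew_password_at_first_login ' );
+
+if ($ forceRenew ) {
+$ askPassword = self ::get_extra_user_data_by_field (
+$ userId ,
+'ask_new_password '
+);
+
+if (!empty ($ askPassword ) && isset ($ askPassword ['ask_new_password ' ]) &&
+1 === (int )$ askPassword ['ask_new_password ' ]
+) {
+$ uniqueId = api_get_unique_id ();
+$ userObj = api_get_user_entity ($ userId );
+
+$ userObj ->setConfirmationToken ($ uniqueId );
+$ userObj ->setPasswordRequestedAt (new \DateTime ());
+
+Database::getManager ()->persist ($ userObj );
+Database::getManager ()->flush ();
+
+$ url = api_get_path (WEB_CODE_PATH ).'auth/reset.php?token= ' .$ uniqueId ;
+api_location ($ url );
+}
 }
 
-$ askPassword = self ::get_extra_user_data_by_field (
-$ userId ,
-'ask_new_password '
-);
+$ forceRotateDays = api_get_configuration_value ('security_password_rotate_days ' );
+$ forceRotate = false ;
 
-if (!empty ($ askPassword ) && isset ($ askPassword ['ask_new_password ' ]) &&
-1 === (int ) $ askPassword ['ask_new_password ' ]
-) {
-$ uniqueId = api_get_unique_id ();
-$ userObj = api_get_user_entity ($ userId );
+if ($ forceRotateDays > 0 ) {
+// get the date of the last password update recorded
+$ lastUpdate = self ::get_extra_user_data_by_field (
+$ userId ,
+'password_updated_at '
+);
 
-$ userObj ->setConfirmationToken ($ uniqueId );
-$ userObj ->setPasswordRequestedAt (new \DateTime ());
+if (empty ($ lastUpdate ) or empty ($ lastUpdate ['password_updated_at ' ])) {
+error_log ('No password_updated_at ' );
+$ userObj = api_get_user_entity ($ userId );
+$ registrationDate = $ userObj ->getRegistrationDate ();
+$ now = new \DateTime (null , new DateTimeZone ('UTC ' ));
+$ interval = $ now ->diff ($ registrationDate );
+$ daysSince = $ interval ->format ('%a ' );
+error_log ('Days since registration: ' .$ daysSince );
+if ($ daysSince > $ forceRotateDays ) {
+error_log ('We need to force reset ' );
+$ forceRotate = true ;
+}
+} else {
+$ now = new \DateTime (null , new DateTimeZone ('UTC ' ));
+$ date = \DateTime::createFromFormat ('Y-m-d H:i:s ' , $ lastUpdate ['password_updated_at ' ], new DateTimeZone ('UTC ' ));
+$ interval = $ now ->diff ($ date );
+$ daysSince = $ interval ->format ('%a ' );
+if ($ daysSince > $ forceRotateDays ) {
+$ forceRotate = true ;
+}
+}
+if ($ forceRotate ) {
+$ uniqueId = api_get_unique_id ();
+$ userObj = api_get_user_entity ($ userId );
+
+$ userObj ->setConfirmationToken ($ uniqueId );
+$ userObj ->setPasswordRequestedAt (new \DateTime ());
 
-Database::getManager ()->persist ($ userObj );
-Database::getManager ()->flush ();
+Database::getManager ()->persist ($ userObj );
+Database::getManager ()->flush ();
 
-$ url = api_get_path (WEB_CODE_PATH ).'auth/reset.php?token= ' .$ uniqueId ;
-api_location ($ url );
+$ url = api_get_path (WEB_CODE_PATH ).'auth/reset.php?token= ' .$ uniqueId .'&rotate=1 ' ;
+api_location ($ url );
+}
 }
 }
 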
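Review bot: The value written here for `password_updated_at` is formatted with `'Y-m-d'` (date only, in local time via api_get_local_time), but the consumer added in the second hunk of this commit parses it with `\DateTime::createFromFormat('Y-m-d H:i:s', ..., new DateTimeZone('UTC'))`, which returns false for a date-only string, so the following `$now->diff($date)` call fails for every user who has this field set once rotation is enabled. The two sides need to agree on one format and one timezone; the smallest change on this side is to store `'Y-m-d H:i:s'` so the parse succeeds, though a UTC timestamp would be the more robust choice if a UTC helper is available here, since the parser assumes UTC. update_user's body starts and ends outside this hunk.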
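Review bot: In the `else` branch of the rotation check, the result of `\DateTime::createFromFormat` is used without testing for `false`, so any stored `password_updated_at` that does not match `'Y-m-d H:i:s'` (including the date-only value the first hunk writes) turns a login into a fatal error instead of a rotation decision. Checking the return value and treating an unparsable timestamp as "rotation required" fails closed and keeps the login path alive; while there, `$daysSince` is a string from `format('%a')` and `$forceRotateDays` comes from configuration, so compare them as `(int)`. The `error_log('No password_updated_at')`, `'Days since registration: '` and `'We need to force reset'` calls read as leftover debugging on a per-login path and should be dropped or demoted. `new \DateTime(null, ...)` passes null for a non-nullable string parameter, which is deprecated on PHP 8.1+; `'now'` expresses the same intent.
```php
} else {
    $now = new \DateTime('now', new DateTimeZone('UTC'));
    $date = \DateTime::createFromFormat('Y-m-d H:i:s', $lastUpdate['password_updated_at'], new DateTimeZone('UTC'));
    if ($date === false) {
        // Unparsable stored value: fail closed and require a new password.
        $forceRotate = true;
    } elseif ((int) $now->diff($date)->format('%a') > (int) $forceRotateDays) {
        $forceRotate = true;
    }
}
// … unchanged: token generation and redirect when $forceRotate …
```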